oauth 0.5.12 → 0.6.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1383760af4fa4c23f17387391201215fae2fb7547e5416f47b293f53a1cf95a5
-  data.tar.gz: 60b6383d43251da5bd3f410fd08cb4b537b82bc9a4ceda74a18803deb5282781
+  metadata.gz: 414ee66cdf6d7d20e2caddba76264dc3a5d5d058157abe8cd77907cfe42e2fbe
+  data.tar.gz: de2152db1bf49cb9397bb95eaf10ebbe67f755f3de478cb36e4350beda3b2b5f
 SHA512:
-  metadata.gz: f4ccb62d26bcfa62ca0b7f1bf578d3e4f4d0a1c97c59289843450c67bfdf5dd3793eefc1fd4d6c533447f95bb229d85192677b8711bfdad56843ea0ddc82677f
-  data.tar.gz: eb3f300e571daee4cd9ca6fedf75eaefaf0a315469651949a24a8786d6474353b374121379dd52acd3a72b2f580a87fd2ac3443436d447083da87913784b16ec
+  metadata.gz: 2ab63e0e09c842637f45bf7053eae8c834238b36cee7ae8771a70766c51cea0a1b1277c025a46caa9fb5499fd93ff342749dc42e70bb5a3351a169b894602f0d
+  data.tar.gz: aca6573f60c0926534fa3f6b1e40695c3ddb96ee9153cc9a3bc3bf6948d831918c1f358afde4273eca4a9608b2e20cc75e8b86a2e9cc53ab257d1084a6130e0a

data/CHANGELOG.md

@@ -13,11 +13,45 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Removed
 
+## [0.6.1] 2022-08-23
+### Changed
+* Fixed documentation in SECURITY.md
+* Change references to master => main
+
+### Added
+* Post install note about v0.6.x EOL approaching in April, 2024
+
+## [0.6.0] 2022-08-23
+### Added
+* New option `body_hash_enabled` which defaults to true to maintain backward compatibility with prior releases. Setting to `false` disables generation of a `oauth_body_hash` component as part of the signature computation.
+* Improved documentation of support policy via Tidelift
+* Stop testing against active_support v2
+
+### Changed
+* Utilize version_gem extracted from oauth2 gem for VERSION
+  * Added new `OAuth::Version` namespace
+  * VERSION constant now at `OAuth::Version::VERSION`
+
+### Removed
+* Ruby 2.0, 2.1, 2.2, and 2.3 are no longer valid install targets
+
+## [0.5.13] 2022-08-23
+The "I think I caught 'em all!" Release
+
+### Fixed
+* Typo oauth2 => oauth as gem name in one more place.
+
+## [0.5.12] 2022-08-23
+The "Typoes are just the worst!" Release
+
+### Fixed
+* Typo oauth2 => oauth as gem name in a couple places.
+
 ## [0.5.11] 2022-08-23
 The "Is this the last release with a silly name?" Release
 
 ### Added
-* Post install note about EOL approaching in April, 2023
+* Post install note about v0.5.x EOL approaching in April, 2023
 
 ### Changed
 * Improved documentation
@@ -299,7 +333,7 @@ The "Can it be the end of the line for 0.5.x?" Release
 
 ## [0.3.4] 2009-05-06
 ### Changed
-* OAuth::Client::Helper uses OAuth::VERSION (chadisfaction)
+* OAuth::Client::Helper uses OAuth::Version::VERSION (chadisfaction)
 
 ### Fixed
 * Fix OAuth::RequestProxy::ActionControllerRequest's handling of params (Tristan Groléat)
@@ -397,7 +431,11 @@ but please have a look at the unit tests.
 * Moved all non-Rails functionality from the Rails plugin:
   http://code.google.com/p/oauth-plugin/
 
-[Unreleased]: https://github.com/oauth-xx/oauth-ruby/compare/v0.5.11...v0.5-maintenance
+[Unreleased]: https://github.com/oauth-xx/oauth-ruby/compare/v0.6.1...v0.6-maintenance
+[0.6.1]: https://github.com/oauth-xx/oauth-ruby/releases/tag/v0.6.1
+[0.6.0]: https://github.com/oauth-xx/oauth-ruby/releases/tag/v0.6.0
+[0.5.13]: https://github.com/oauth-xx/oauth-ruby/releases/tag/v0.5.13
+[0.5.12]: https://github.com/oauth-xx/oauth-ruby/releases/tag/v0.5.12
 [0.5.11]: https://github.com/oauth-xx/oauth-ruby/releases/tag/v0.5.11
 [0.5.10]: https://github.com/oauth-xx/oauth-ruby/releases/tag/v0.5.10
 [0.5.9]: https://github.com/oauth-xx/oauth-ruby/releases/tag/v0.5.9

data/README.md

@@ -22,8 +22,8 @@ See the sibling `oauth2` gem for OAuth 2.0 implementations in Ruby.
 
 **NOTE**
 
-This README, on branch `v0.5-maintenance`, targets 0.5.x series releases.
-The v0.5.x series of releases will be EOL no later than April, 2023.
+This README, on branch `v0.6-maintenance`, targets 0.6.x series releases.
+The v0.6.x series of releases will be EOL no later than April, 2024.
 For later releases please see the `main` branch README.
 
 ## Status
@@ -55,15 +55,15 @@ appended indicators:
 ♻️ - URL needs to be updated from SASS integration. Find / Replace is insufficient.
 -->
 
-|     | Project               | bundle add oauth2                                                                                                                                                                                                                                                                              |
-|:----|-----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| 1️⃣ | name, license, docs   | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard]                                                                                             |
-| 2️⃣ | version & activity    | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] [![Open PRs][🖐prs-o-img]][🖐prs-o] [![Closed PRs][🧮prs-c-img]][🧮prs-c] |
-| 3️⃣ | maintenance & linting | [![Maintainability][⛳cclim-maint-img♻️]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img♻️]][🏘depfu♻️] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] [![Kloc Roll][🧮kloc-img]][🧮kloc]                     |
-| 4️⃣ | testing               | [![Open Issues][⛳iss-o-img]][⛳iss-o] [![Closed Issues][🖇iss-c-img]][🖇iss-c] [![Supported][🏘sup-wf-img]][🏘sup-wf] [![Heads][🚎heads-wf-img]][🚎heads-wf] [![Unofficial Support][🖐uns-wf-img]][🖐uns-wf] [![MacOS][🧮mac-wf-img]][🧮mac-wf] [![Windows][📗win-wf-img]][📗win-wf]            |
-| 5️⃣ | coverage & security   | [![CodeClimate][⛳cclim-cov-img♻️]][⛳cclim-cov] [![CodeCov][🖇codecov-img♻️]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Code Coverage][🧮cov-wf-img]][🧮cov-wf]                             |
-| 6️⃣ | resources             | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki]                                                                                    |
-| 7️⃣ | spread 💖             | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme]                                                                                             |
+|     | Project               | bundle add oauth                                                                                                                                                                                                                                                                                |
+|:----|-----------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 1️⃣ | name, license, docs   | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard]                                                                                              |
+| 2️⃣ | version & activity    | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] [![Open PRs][🖐prs-o-img]][🖐prs-o] [![Closed PRs][🧮prs-c-img]][🧮prs-c] <!--[![Next Version][📗next-img]][📗next]--> |
+| 3️⃣ | maintenance & linting | [![Maintainability][⛳cclim-maint-img♻️]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img♻️]][🏘depfu♻️] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] [![Kloc Roll][🧮kloc-img]][🧮kloc]                      |
+| 4️⃣ | testing               | [![Open Issues][⛳iss-o-img]][⛳iss-o] [![Closed Issues][🖇iss-c-img]][🖇iss-c] [![Supported][🏘sup-wf-img]][🏘sup-wf] [![Heads][🚎heads-wf-img]][🚎heads-wf] [![Unofficial Support][🖐uns-wf-img]][🖐uns-wf] [![MacOS][🧮mac-wf-img]][🧮mac-wf] [![Windows][📗win-wf-img]][📗win-wf]             |
+| 5️⃣ | coverage & security   | [![CodeClimate][⛳cclim-cov-img♻️]][⛳cclim-cov] [![CodeCov][🖇codecov-img♻️]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Code Coverage][🧮cov-wf-img]][🧮cov-wf]                              |
+| 6️⃣ | resources             | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki]                                                                                     |
+| 7️⃣ | spread 💖             | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme]                                                                                                                 |
 
 <!--
 The link tokens in the following sections should be kept ordered by the row and badge numbering scheme
@@ -187,12 +187,14 @@ For more see [SECURITY.md][🚎sec-pol].
 ## Compatibility
 
 Targeted ruby compatibility is non-EOL versions of Ruby, currently 2.7, 3.0, and
-3.1. Ruby is limited to 2.0+ in the gemspec on this `v0.5-maintenance` branch.
+3.1. Ruby is limited to 2.4+ in the gemspec, and this will change with minor version bumps,
+while the gem is still in 0.x, in accordance with the SemVer spec.
 
-The `v0.6-maintenance` branch targets 0.6.x releases.
-See `v0.5-maintenance` branch for older rubies.
+The `main` branch now targets 1.0.x releases.
+See `v0.6-maintenance` branch for Ruby >= 2.4.
+See `v0.5-maintenance` branch for Ruby >= 2.0.
 
-NOTE: No further releases of the 0.5.x series are anticipated.
+NOTE: No further releases of version < 1.0.x are anticipated.
 
 <details>
   <summary>Ruby Engine Compatibility Policy</summary>
@@ -222,17 +224,18 @@ fashion. If critical issues for a particular implementation exist at the time
 of a major release, support for that Ruby version may be dropped.
 </details>
 
-|     | Ruby OAuth Version | Maintenance Branch | 🚂 Compatibility       | Official 💎          | Unofficial 💎           | Incidental 💎 |
-|:----|--------------------|--------------------|------------------------|----------------------|-------------------------|---------------|
-| 1️⃣ | 1.0.x              | `main`             | Rails 6, 7             | 2.7, 3.0, 3.1        | sorry, not sorry        | nope          |
-| 2️⃣ | 0.6.x              | `v0.6-maintenance` | Rails 5, 6, 7          | 2.7, 3.0, 3.1        | 2.5, 2.6                | 2.4           |
-| 3️⃣ | 0.5.x              | `v0.5-maintenance` | Rails 2, 3, 4, 5, 6, 7 | 2.7, 3.0, 3.1        | 2.2, 2.3, 2.4, 2.5, 2.6 | 2.0, 2.1      |
-| 4️⃣ | older              | N/A                |                        | Best of luck to you! | Please upgrade!         | noop          |
+|     | Ruby OAuth Version | Maintenance Branch | 🚂 Compatibility       | Official 💎          | Unofficial 💎                | Incidental 💎 |
+|:----|--------------------|--------------------|------------------------|----------------------|------------------------------|---------------|
+| 1️⃣ | 1.0.x              | `main`             | Rails 6, 7             | 2.7, 3.0, 3.1        | sorry, not sorry             | nope          |
+| 2️⃣ | 0.6.x              | `v0.6-maintenance` | Rails 5, 6, 7          | 2.7, 3.0, 3.1        | 2.5, 2.6                     | 2.4           |
+| 3️⃣ | 0.5.x              | `v0.5-maintenance` | Rails 2, 3, 4, 5, 6, 7 | 2.7, 3.0, 3.1        | 2.1, 2.2, 2.3, 2.4, 2.5, 2.6 | 2.0           |
+| 4️⃣ | older              | N/A                |                        | Best of luck to you! | Please upgrade!              | noop          |
 
-NOTE: Support for version 0.5.x will end in April, 2023
 NOTE: Once 1.0 is released, the 0.x series will only receive critical bug and security updates.
 See [SECURITY.md][🚎sec-pol]
 
+🚂 NOTE: See notes on Rails in next section.
+
 ## Basics
 
 This is a ruby library which is intended to be used in creating Ruby Consumer
@@ -257,38 +260,46 @@ callback_url = "http://127.0.0.1:3000/oauth/callback"
 
 Create a new `OAuth::Consumer` instance by passing it a configuration hash:
 
-    oauth_consumer = OAuth::Consumer.new("key", "secret", :site => "https://agree2")
+```ruby
+oauth_consumer = OAuth::Consumer.new("key", "secret", site: "https://agree2")
+```
 
 Start the process by requesting a token
 
-    request_token = oauth_consumer.get_request_token(:oauth_callback => callback_url)
+```ruby
+request_token = oauth_consumer.get_request_token(oauth_callback: callback_url)
 
-    session[:token] = request_token.token
-    session[:token_secret] = request_token.secret
-    redirect_to request_token.authorize_url(:oauth_callback => callback_url)
+session[:token] = request_token.token
+session[:token_secret] = request_token.secret
+redirect_to request_token.authorize_url(oauth_callback: callback_url)
+```
 
 When user returns create an access_token
 
-    hash = { oauth_token: session[:token], oauth_token_secret: session[:token_secret]}
-    request_token  = OAuth::RequestToken.from_hash(oauth_consumer, hash)
-    access_token = request_token.get_access_token
-    # For 3-legged authorization, flow oauth_verifier is passed as param in callback
-    # access_token = request_token.get_access_token(oauth_verifier: params[:oauth_verifier])
-    @photos = access_token.get('/photos.xml')
+```ruby
+hash = { oauth_token: session[:token], oauth_token_secret: session[:token_secret] }
+request_token = OAuth::RequestToken.from_hash(oauth_consumer, hash)
+access_token = request_token.get_access_token
+# For 3-legged authorization, flow oauth_verifier is passed as param in callback
+# access_token = request_token.get_access_token(oauth_verifier: params[:oauth_verifier])
+@photos = access_token.get("/photos.xml")
+```
 
 Now that you have an access token, you can use Typhoeus to interact with the
 OAuth provider if you choose.
 
-    require 'typhoeus'
-    require 'oauth/request_proxy/typhoeus_request'
-    oauth_params = {:consumer => oauth_consumer, :token => access_token}
-    hydra = Typhoeus::Hydra.new
-    req = Typhoeus::Request.new(uri, options) # :method needs to be specified in options
-    oauth_helper = OAuth::Client::Helper.new(req, oauth_params.merge(:request_uri => uri))
-    req.options[:headers].merge!({"Authorization" => oauth_helper.header}) # Signs the request
-    hydra.queue(req)
-    hydra.run
-    @response = req.response
+```ruby
+require "typhoeus"
+require "oauth/request_proxy/typhoeus_request"
+oauth_params = { consumer: oauth_consumer, token: access_token }
+hydra = Typhoeus::Hydra.new
+req = Typhoeus::Request.new(uri, options) # :method needs to be specified in options
+oauth_helper = OAuth::Client::Helper.new(req, oauth_params.merge(request_uri: uri))
+req.options[:headers]["Authorization"] = oauth_helper.header # Signs the request
+hydra.queue(req)
+hydra.run
+@response = req.response
+```
 
 ## More Information
 
@@ -316,13 +327,12 @@ immediately released that restores compatibility. Breaking changes to the public
 major versions.  Compatibility with a major and minor versions of Ruby will only be changed with a major version bump.
 
 As a result of this policy, you can (and should) specify a dependency on this gem using
-the [Pessimistic Version Constraint][pvc] with two digits of precision once it hits a 1.0 release.
-While on 0.x releases three digits of precision should be used.
+the [Pessimistic Version Constraint][pvc] with two digits of precision.
 
 For example:
 
 ```ruby
-spec.add_dependency "oauth", "~> 0.5.10"
+spec.add_dependency "oauth", "~> 0.6.0"
 ```
 
 ## License

data/SECURITY.md

@@ -8,8 +8,6 @@
 | 0.5.x   | :white_check_mark: |
 | <= 0.5  | :x:                |
 
-NOTE: Support for version 0.5.x will end in April, 2023
-
 ## Reporting a Vulnerability
 
 To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security).

data/bin/oauth

@@ -1,11 +1,15 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
-require_relative "../lib/oauth"
+require "oauth"
 require "oauth/cli"
 
-Signal.trap("INT") { puts; exit(1) } # don't dump a backtrace on a ^C
-
+# don't dump a backtrace on a ^C
+Signal.trap("INT") do
+  puts
+  exit(1)
+end
 ARGV << "help" if ARGV.empty?
 command = ARGV.shift
 
-OAuth::CLI.new(STDOUT, STDIN, STDERR, command, ARGV).run
+OAuth::CLI.new($stdout, $stdin, $stderr, command, ARGV).run

data/lib/oauth/cli/authorize_command.rb

@@ -1,69 +1,73 @@
-class OAuth::CLI
-  class AuthorizeCommand < BaseCommand
-    def required_options
-      [:uri]
-    end
-
-    def _run
-      request_token = get_request_token
+# frozen_string_literal: true
 
-      if request_token.callback_confirmed?
-        puts "Server appears to support OAuth 1.0a; enabling support."
-        options[:version] = "1.0a"
+module OAuth
+  class CLI
+    class AuthorizeCommand < BaseCommand
+      def required_options
+        [:uri]
       end
 
-      puts "Please visit this url to authorize:"
-      puts request_token.authorize_url
+      def _run
+        request_token = get_request_token
 
-      # parameters for OAuth 1.0a
-      oauth_verifier = ask_user_for_verifier
+        if request_token.callback_confirmed?
+          puts "Server appears to support OAuth 1.0a; enabling support."
+          options[:version] = "1.0a"
+        end
 
-      verbosely_get_access_token(request_token, oauth_verifier)
-    end
+        puts "Please visit this url to authorize:"
+        puts request_token.authorize_url
 
-    def get_request_token
-      consumer = get_consumer
-      scope_options = options[:scope] ? { "scope" => options[:scope] } : {}
-      consumer.get_request_token({ oauth_callback: options[:oauth_callback] }, scope_options)
-    rescue OAuth::Unauthorized => e
-      alert "A problem occurred while attempting to authorize:"
-      alert e
-      alert e.request.body
-    end
+        # parameters for OAuth 1.0a
+        oauth_verifier = ask_user_for_verifier
 
-    def get_consumer
-      OAuth::Consumer.new \
-        options[:oauth_consumer_key],
-        options[:oauth_consumer_secret],
-        access_token_url: options[:access_token_url],
-        authorize_url: options[:authorize_url],
-        request_token_url: options[:request_token_url],
-        scheme: options[:scheme],
-        http_method: options[:method].to_s.downcase.to_sym
-    end
+        verbosely_get_access_token(request_token, oauth_verifier)
+      end
 
-    def ask_user_for_verifier
-      if options[:version] == "1.0a"
-        puts "Please enter the verification code provided by the SP (oauth_verifier):"
-        @stdin.gets.chomp
-      else
-        puts "Press return to continue..."
-        @stdin.gets
-        nil
+      def get_request_token
+        consumer = get_consumer
+        scope_options = options[:scope] ? { "scope" => options[:scope] } : {}
+        consumer.get_request_token({ oauth_callback: options[:oauth_callback] }, scope_options)
+      rescue OAuth::Unauthorized => e
+        alert "A problem occurred while attempting to authorize:"
+        alert e
+        alert e.request.body
+      end
+
+      def get_consumer
+        OAuth::Consumer.new \
+          options[:oauth_consumer_key],
+          options[:oauth_consumer_secret],
+          access_token_url: options[:access_token_url],
+          authorize_url: options[:authorize_url],
+          request_token_url: options[:request_token_url],
+          scheme: options[:scheme],
+          http_method: options[:method].to_s.downcase.to_sym
+      end
+
+      def ask_user_for_verifier
+        if options[:version] == "1.0a"
+          puts "Please enter the verification code provided by the SP (oauth_verifier):"
+          @stdin.gets.chomp
+        else
+          puts "Press return to continue..."
+          @stdin.gets
+          nil
+        end
       end
-    end
 
-    def verbosely_get_access_token(request_token, oauth_verifier)
-      access_token = request_token.get_access_token(oauth_verifier: oauth_verifier)
+      def verbosely_get_access_token(request_token, oauth_verifier)
+        access_token = request_token.get_access_token(oauth_verifier: oauth_verifier)
 
-      puts "Response:"
-      access_token.params.each do |k, v|
-        puts "  #{k}: #{v}" unless k.is_a?(Symbol)
+        puts "Response:"
+        access_token.params.each do |k, v|
+          puts "  #{k}: #{v}" unless k.is_a?(Symbol)
+        end
+      rescue OAuth::Unauthorized => e
+        alert "A problem occurred while attempting to obtain an access token:"
+        alert e
+        alert e.request.body
       end
-    rescue OAuth::Unauthorized => e
-      alert "A problem occurred while attempting to obtain an access token:"
-      alert e
-      alert e.request.body
     end
   end
 end